VDB
CVE-2023-24953
CVE-2023-24953
PUBLISHED
In Microsoft 365 Apps, Microsoft Excel 2013, Microsoft Excel 2016, Microsoft Office, Microsoft Office 2019 und Microsoft Office 2019 for Mac existieren mehrere Schwachstellen. Microsoft veröffentlicht keine weiteren Details zur Schwachstelle. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich.
EPSS 1.46% · 81.2th percentile
Risk Scores
EPSS Score
1.46%
81.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Microsoft Office LTSC 2021 | |
| Microsoft | Microsoft Office 2019 | |
| Microsoft | Microsoft Excel 2013 RT SP1 | |
| Microsoft | Microsoft Excel 2013 SP1 | |
| Microsoft | Microsoft Office LTSC for Mac 2021 | |
| Microsoft | Microsoft 365 Apps | |
| Microsoft | Microsoft Office 2019 for Mac | |
| Microsoft | Microsoft Excel 2016 |
Exploit Intelligence
- https://www.microsoft.com/en-us/msrc/exploitability-index?rtc=1 (msrc)
- Microsoft Excel Remote Code Execution Vulnerability (circl)
- https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html (certbund)
- rules.yar (github-yara)
- rules.yar (github-yara)
- rules.yar (github-yara)
- rules.yar (github-yara)
- rules.yar (github-yara)
- rules.yar (github-yara)
Timeline
- May 9, 2023 CVE Published
- May 10, 2023 EPSS Score
- Jun 16, 2023 EPSS Score
- Aug 28, 2023 EPSS Score
- Oct 4, 2023 EPSS Score
- Nov 10, 2023 EPSS Score
- Dec 17, 2023 EPSS Score
- Feb 28, 2024 EPSS Score
- Apr 5, 2024 EPSS Score
- May 12, 2024 EPSS Score
- Jun 17, 2024 EPSS Score
- Aug 30, 2024 EPSS Score
References
- https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1179.json advisory
- https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1179 advisory
- https://msrc.microsoft.com/update-guide advisory
- https://thehackernews.com/2024/01/act-now-cisa-flags-active-exploitation.html exploit